
A Survey on Property-Preserving Database Encryption Techniques in the Cloud (2312.12075v1)

Published 19 Dec 2023 in cs.CR and cs.DB

Abstract: Outsourcing a relational database to the cloud offers several benefits, including scalability, availability, and cost-effectiveness. However, there are concerns about the security and confidentiality of the outsourced data. A general approach would be to encrypt the data with a standardized encryption algorithm and store it only in encrypted form in the cloud. The problem with this approach is that encryption destroys important properties of the data, such as sort order, format, or comparability, which are essential for database queries to function. One solution is to use encryption algorithms that preserve these properties in the encrypted data, thus enabling queries over encrypted data. These algorithms range from simple algorithms like Caesar encryption to secure algorithms like mOPE. This report presents a survey of common encryption techniques used for storing data in relational cloud database services. It presents the applied methods and identifies their characteristics.
